<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第213期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第213期）</strong></h5>
<blockquote> 2018/03/26-2018/04/01</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>从抄书到开源之巅：章亦春的程序人生<br><a target="_blank" href="https://mp.weixin.qq.com/s/moyoJd1EnNziRPQgHbNXRw">https://mp.weixin.qq.com/s/moyoJd1EnNziRPQgHbNXRw</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>WebRTC bug 泄漏 VPN 用户的真实 IP<br><a target="_blank" href="https://www.solidot.org/story?sid=55977&amp;from=timeline">https://www.solidot.org/story?sid=55977&amp;from=timeline</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>2018 RSA  相关信息梳理<br><a target="_blank" href="https://mp.weixin.qq.com/s/cH6_AWMXRNOoAm_lruF7SQ">https://mp.weixin.qq.com/s/cH6_AWMXRNOoAm_lruF7SQ</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>NSF3000万美元推动计算和信息科学领域前沿变革研究<br><a target="_blank" href="https://mp.weixin.qq.com/s/WQ1JKpiYhe9-jb0RPsScIA">https://mp.weixin.qq.com/s/WQ1JKpiYhe9-jb0RPsScIA</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>Black Hat Asia 2018 slides<br><a target="_blank" href="https://www.blackhat.com/asia-18/briefings.html">https://www.blackhat.com/asia-18/briefings.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用最新Apache解析漏洞（CVE-2017-15715）绕过上传黑名单<br><a target="_blank" href="https://www.leavesongs.com/PENETRATION/apache-cve-2017-15715-vulnerability.html">https://www.leavesongs.com/PENETRATION/apache-cve-2017-15715-vulnerability.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SpringBoot应用监控Actuator使用的安全隐患<br><a target="_blank" href="https://xz.aliyun.com/t/2233">https://xz.aliyun.com/t/2233</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>宜信漏洞管理平台-洞察<br><a target="_blank" href="https://mp.weixin.qq.com/s/24V5nJ47ZyAAYTU78mjgvg">https://mp.weixin.qq.com/s/24V5nJ47ZyAAYTU78mjgvg</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>今日头条与木马<br><a target="_blank" href="http://tech.sina.com.cn/csj/2018-03-31/doc-ifysukft3959182.shtml">http://tech.sina.com.cn/csj/2018-03-31/doc-ifysukft3959182.shtml</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>第二届强网杯Web Writeup<br><a target="_blank" href="http://www.cnblogs.com/iamstudy/articles/2th_qiangwangbei_ctf_writeup.html">http://www.cnblogs.com/iamstudy/articles/2th_qiangwangbei_ctf_writeup.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>代码审计之LaySNS_v2.2.0漏洞分析<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&amp;mid=2448903626&amp;idx=1&amp;sn=633702a8d7330bafd3558c1652c07daa&amp;chksm=8b55dd97bc22548146659e311628a42c8c006e8c595b483eecadc29e940f616ebb2269226a85&amp;mpshare=1&amp;scene=23&amp;srcid=0328qev4vUCTZwDa55NSnIUt#rd">https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&amp;mid=2448903626&amp;idx=1&amp;sn=633702a8d7330bafd3558c1652c07daa&amp;chksm=8b55dd97bc22548146659e311628a42c8c006e8c595b483eecadc29e940f616ebb2269226a85&amp;mpshare=1&amp;scene=23&amp;srcid=0328qev4vUCTZwDa55NSnIUt#rd</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span> 通俗、有逻辑的写一篇说下Xgboost的原理<br><a target="_blank" href="https://blog.csdn.net/github_38414650/article/details/76061893">https://blog.csdn.net/github_38414650/article/details/76061893</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>强网杯出题思路-solid_core-HijackPrctl<br><a target="_blank" href="https://bbs.pediy.com/thread-225488.htm">https://bbs.pediy.com/thread-225488.htm</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>记一次爬虫批量爬取exp<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&amp;mid=2247483860&amp;idx=1&amp;sn=c773f70165f5a48be62acdf8e0217f2d&amp;chksm=ec53856ddb240c7b372d85c3912456b236f9b37e399e30c687b4596892cf5c399ef4ea9aeb18&amp;scene=38#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&amp;mid=2247483860&amp;idx=1&amp;sn=c773f70165f5a48be62acdf8e0217f2d&amp;chksm=ec53856ddb240c7b372d85c3912456b236f9b37e399e30c687b4596892cf5c399ef4ea9aeb18&amp;scene=38#wechat_redirect</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Studio 3.0.1 编写 Xposed 插件入门记录<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/35003478">https://zhuanlan.zhihu.com/p/35003478</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>8291端口告警事件简报<br><a target="_blank" href="http://blog.netlab.360.com/quick-summary-port-8291-scan-cn/">http://blog.netlab.360.com/quick-summary-port-8291-scan-cn/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>基于概念知识图谱的短文本理解<br><a target="_blank" href="https://mp.weixin.qq.com/s/avf72hYVq4WBJ63G6wlORA">https://mp.weixin.qq.com/s/avf72hYVq4WBJ63G6wlORA</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>ezXSS：一款功能强大的XSS盲测工具<br><a target="_blank" href="http://www.freebuf.com/sectool/165289.html">http://www.freebuf.com/sectool/165289.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>饿了么在ELasticsearch自动化运维平台和监控平台的应用实践<br><a target="_blank" href="https://elasticsearch.cn/slides/109?">https://elasticsearch.cn/slides/109?</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>摩诃草APT组织针对我国敏感机构最新的网络攻击活动分析<br><a target="_blank" href="https://mp.weixin.qq.com/s/hJvDqIuBZgd2_xua4suy0w">https://mp.weixin.qq.com/s/hJvDqIuBZgd2_xua4suy0w</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透测试入门<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-36498-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-36498-1-1.html?from=sec</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>第二届强网杯Web Writeup<br><a target="_blank" href="https://www.anquanke.com/post/id/103213">https://www.anquanke.com/post/id/103213</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>QWB-2018 Web partial solutions<br><a target="_blank" href="https://mp.weixin.qq.com/s/xEBr7JxbSTt11oiBsgc3uw">https://mp.weixin.qq.com/s/xEBr7JxbSTt11oiBsgc3uw</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Binary學習終極指南<br><a target="_blank" href="https://diabolo94.github.io/2017/12/10/utimatebinary/">https://diabolo94.github.io/2017/12/10/utimatebinary/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Powershell+dnscat2实现DNS隐蔽隧道反弹Shell，和检测方法<br><a target="_blank" href="https://mp.weixin.qq.com/s/5mDhzuGC2WEc8bdIjRg94w">https://mp.weixin.qq.com/s/5mDhzuGC2WEc8bdIjRg94w</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>PS4 4.55 BPF Race Condition Kernel Exploit Writeup<br><a target="_blank" href="https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md">https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Attack seam framework<br><a target="_blank" href="https://xz.aliyun.com/t/2230">https://xz.aliyun.com/t/2230</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Cisco2018年度网络安全报告（ACR）R11<br><a target="_blank" href="http://branden.biz/wp-content/uploads/2018/03/11.-Cisco-2018-Annual-Cybersecurity-Report.pdf">http://branden.biz/wp-content/uploads/2018/03/11.-Cisco-2018-Annual-Cybersecurity-Report.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Joomla内核SQL注入漏洞（CVE-2018-8045）分析<br><a target="_blank" href="http://blog.nsfocus.net/cve-2018-804-analysis/">http://blog.nsfocus.net/cve-2018-804-analysis/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>The phenomenon of smart contract honeypots<br><a target="_blank" href="https://medium.com/@gerhard.wagner/the-phenomena-of-smart-contract-honeypots-755c1f943f7b">https://medium.com/@gerhard.wagner/the-phenomena-of-smart-contract-honeypots-755c1f943f7b</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>强网杯“彩蛋”—Shiro 1.2.4(SHIRO-550)漏洞之发散性思考<br><a target="_blank" href="https://blog.zsxsoft.com/post/35">https://blog.zsxsoft.com/post/35</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>7块钱的BadUSB<br><a target="_blank" href="https://mp.weixin.qq.com/s/mIcRNcf5HmZ4axe8N92S7Q">https://mp.weixin.qq.com/s/mIcRNcf5HmZ4axe8N92S7Q</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>GitStack &lt;= 2.3.10 远程命令执行漏洞分析-CVE-2018-5955<br><a target="_blank" href="https://xz.aliyun.com/t/2235">https://xz.aliyun.com/t/2235</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MIPCMS V3.1.0 远程写入配置文件Getshell过程分析(附批量getshell脚本)<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-36511-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-36511-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MSSQL Error-Based SQL Injection Order by clause<br><a target="_blank" href="https://github.com/incredibleindishell/exploit-code-by-me/blob/master/MSSQL%20Error-Based%20SQL%20Injection%20Order%20by%20clause/Error%20based%20SQL%20Injection%20in%20%E2%80%9COrder%20By%E2%80%9D%20clause%20(MSSQL).pdf">https://github.com/incredibleindishell/exploit-code-by-me/blob/master/MSSQL%20Error-Based%20SQL%20Injection%20Order%20by%20clause/Error%20based%20SQL%20Injection%20in%20%E2%80%9COrder%20By%E2%80%9D%20clause%20(MSSQL).pdf</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>BLE安全入门及实战<br><a target="_blank" href="https://sec.xiaomi.com/article?id=14">https://sec.xiaomi.com/article?id=14</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Breaking the unbreakable voting machine! Bluefrost Ekoparty Stack Overflow Chall<br><a target="_blank" href="https://medium.com/@alex91ar/breaking-the-unbreakable-voting-machine-bluefrost-ekoparty-stack-overflow-challenge-1d6f4a255efe">https://medium.com/@alex91ar/breaking-the-unbreakable-voting-machine-bluefrost-ekoparty-stack-overflow-challenge-1d6f4a255efe</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>老司机带你过常规WAF<br><a target="_blank" href="https://www.anquanke.com/post/id/102852">https://www.anquanke.com/post/id/102852</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>DBScanner: 自动扫描内网常数据库脚本未授权访问及常规弱口令检测<br><a target="_blank" href="https://github.com/se55i0n/DBScanner">https://github.com/se55i0n/DBScanner</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>PHP-FPM源码分析<br><a target="_blank" href="https://github.com/owenliang/php-fpm-code-analysis">https://github.com/owenliang/php-fpm-code-analysis</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>逆向分析以太坊智能合约<br><a target="_blank" href="https://www.anquanke.com/post/id/101979">https://www.anquanke.com/post/id/101979</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>following the trace of WMI Backdoors &amp; other nastiness<br><a target="_blank" href="https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/">https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第212期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/212">https://www.sec-wiki.com/weekly/212</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>腾讯2017年度传销态势感知白皮书<br><a target="_blank" href="https://slab.qq.com/news/authority/1745.html">https://slab.qq.com/news/authority/1745.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Prevent bypassing of SSL certificate pinning in iOS applications<br><a target="_blank" href="https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing">https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android 4.4 - Android 7.1 APP Vulnerability Benchmarks<br><a target="_blank" href="https://bitbucket.org/secure-it-i/android-app-vulnerability-benchmarks/src/master/">https://bitbucket.org/secure-it-i/android-app-vulnerability-benchmarks/src/master/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Threat Landscape for Industrial Automation Systems in H2 2017 <br><a target="_blank" href="https://ics-cert.kaspersky.com/reports/2018/03/26/threat-landscape-for-industrial-automation-systems-in-h2-2017/">https://ics-cert.kaspersky.com/reports/2018/03/26/threat-landscape-for-industrial-automation-systems-in-h2-2017/</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>第二届强网杯中应用的一种反作弊新思路<br><a target="_blank" href="http://www.freebuf.com/column/166714.html">http://www.freebuf.com/column/166714.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Python is the best language-Writeup<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/topic/2219">https://xianzhi.aliyun.com/forum/topic/2219</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>初探下一代SIEM核心技术发展趋势 <br><a target="_blank" href="https://www.sec-un.org/%e5%88%9d%e6%8e%a2%e4%b8%8b%e4%b8%80%e4%bb%a3siem%e6%a0%b8%e5%bf%83%e6%8a%80%e6%9c%af%e5%8f%91%e5%b1%95%e8%b6%8b%e5%8a%bf/">https://www.sec-un.org/%e5%88%9d%e6%8e%a2%e4%b8%8b%e4%b8%80%e4%bb%a3siem%e6%a0%b8%e5%bf%83%e6%8a%80%e6%9c%af%e5%8f%91%e5%b1%95%e8%b6%8b%e5%8a%bf/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>IoTInfographic<br><a target="_blank" href="https://github.com/Xipiter/IoTInfographic">https://github.com/Xipiter/IoTInfographic</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>JBoss引起的内网渗透-3 <br><a target="_blank" href="http://rcoil.me/2018/03/JBoss%E5%BC%95%E8%B5%B7%E7%9A%84%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F-3/">http://rcoil.me/2018/03/JBoss%E5%BC%95%E8%B5%B7%E7%9A%84%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F-3/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>#BugBounty — API keys leakage, Source code disclosure in India’s largest e-comme<br><a target="_blank" href="https://medium.com/bugbountywriteup/bugbounty-api-keys-leakage-source-code-disclosure-in-indias-largest-e-commerce-health-care-c75967392c7e">https://medium.com/bugbountywriteup/bugbounty-api-keys-leakage-source-code-disclosure-in-indias-largest-e-commerce-health-care-c75967392c7e</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>uefi-ninja<br><a target="_blank" href="https://lightbulbone.com/posts/2018/03/uefi-ninja/">https://lightbulbone.com/posts/2018/03/uefi-ninja/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>密码破解全能工具：Hashcat密码破解攻略<br><a target="_blank" href="http://www.freebuf.com/sectool/164507.html">http://www.freebuf.com/sectool/164507.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>容器镜像安全概述 <br><a target="_blank" href="http://blog.nsfocus.net/docker-mirror-security/">http://blog.nsfocus.net/docker-mirror-security/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploiting Jolokia Agent with Java EE Servers<br><a target="_blank" href="https://mp.weixin.qq.com/s/blpFK0oigTGtI_eVJxEL0w">https://mp.weixin.qq.com/s/blpFK0oigTGtI_eVJxEL0w</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>客户端 session 导致的安全问题 <br><a target="_blank" href="https://www.leavesongs.com/PENETRATION/client-session-security.html">https://www.leavesongs.com/PENETRATION/client-session-security.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Tools to gather subdomains from Bug Bounty programs<br><a target="_blank" href="https://github.com/bonkc/BugBountySubdomains">https://github.com/bonkc/BugBountySubdomains</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Exploit kits: Winter 2018 review<br><a target="_blank" href="https://blog.malwarebytes.com/threat-analysis/2018/03/exploit-kits-winter-2018-review/">https://blog.malwarebytes.com/threat-analysis/2018/03/exploit-kits-winter-2018-review/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>浅谈Linux系统MongoDB安全配置<br><a target="_blank" href="https://mp.weixin.qq.com/s/j5NFI8oX-BC5waxLOl58aQ">https://mp.weixin.qq.com/s/j5NFI8oX-BC5waxLOl58aQ</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Awesome XSS stuff<br><a target="_blank" href="https://github.com/UltimateHackers/AwesomeXSS">https://github.com/UltimateHackers/AwesomeXSS</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Adhrit：open source Android APK reversing and analysis tool<br><a target="_blank" href="https://github.com/abhi-r3v0/Adhrit/">https://github.com/abhi-r3v0/Adhrit/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>#BugBounty — Rewarded by securing vulnerabilities in Bookmyshow (India’s largest<br><a target="_blank" href="https://medium.com/@logicbomb_1/bugbounty-rewarded-by-securing-vulnerabilities-in-bookmyshow-indias-largest-online-movie-bb81dba9b82">https://medium.com/@logicbomb_1/bugbounty-rewarded-by-securing-vulnerabilities-in-bookmyshow-indias-largest-online-movie-bb81dba9b82</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>代码审计之QYKCMS后台任意文件上传、任意文件读取漏洞<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&amp;mid=2448903645&amp;idx=1&amp;sn=bd058d8d8b35bcbe228590b287a668ca&amp;chksm=8b55dd80bc22549695d5b1853835c608f2b7c8803dd1af5f39369adea6075d947225e1ffa38a&amp;mpshare=1&amp;scene=23&amp;srcid=0331OXFL35OcYMseHFsBVUKQ#rd">https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&amp;mid=2448903645&amp;idx=1&amp;sn=bd058d8d8b35bcbe228590b287a668ca&amp;chksm=8b55dd80bc22549695d5b1853835c608f2b7c8803dd1af5f39369adea6075d947225e1ffa38a&amp;mpshare=1&amp;scene=23&amp;srcid=0331OXFL35OcYMseHFsBVUKQ#rd</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>你必须了解的漏洞利用缓解及对抗技术<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/24489276">https://zhuanlan.zhihu.com/p/24489276</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Jolokia JNDI Injection&amp;XXE Vulnerability分析复现<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/493/">http://www.polaris-lab.com/index.php/archives/493/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>YARA Rules for Finding and Analyzing in InfoSec <br><a target="_blank" href="https://www.alienvault.com/blogs/security-essentials/yara-rules-for-finding-and-analyzing-in-infosec">https://www.alienvault.com/blogs/security-essentials/yara-rules-for-finding-and-analyzing-in-infosec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>攻防组网之----MikroTik软路由的配置和FUZZ<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-36817-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-36817-1-1.html?from=sec</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>basics-of-tracking-wmi-activity<br><a target="_blank" href="https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity">https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Open XML标签解析类漏洞分析思路<br><a target="_blank" href="https://www.anquanke.com/post/id/103080">https://www.anquanke.com/post/id/103080</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Signature Based Detection of User Events for PostMortem Forensic Analysis<br><a target="_blank" href="https://arxiv.org/ftp/arxiv/papers/1302/1302.2395.pdf">https://arxiv.org/ftp/arxiv/papers/1302/1302.2395.pdf</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Exploring the opportunities and limitations of Threat Intelligence Platforms<br><a target="_blank" href="https://www.enisa.europa.eu/publications/exploring-the-opportunities-and-limitations-of-current-threat-intelligence-platforms">https://www.enisa.europa.eu/publications/exploring-the-opportunities-and-limitations-of-current-threat-intelligence-platforms</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Exploiting Facebook data for stealing your friends’ digital identities<br><a target="_blank" href="https://medium.com/bugbountywriteup/exploiting-facebook-data-for-stealing-your-friends-digital-identities-68511ec2d21d">https://medium.com/bugbountywriteup/exploiting-facebook-data-for-stealing-your-friends-digital-identities-68511ec2d21d</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Multi-stage Powershell script (Brownies) <br><a target="_blank" href="https://dissectmalware.wordpress.com/2018/03/28/multi-stage-powershell-script/">https://dissectmalware.wordpress.com/2018/03/28/multi-stage-powershell-script/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Zeppelin Augur Core Audit v1.0.0<br><a target="_blank" href="https://docs.google.com/document/d/1saSVpT2Ixd58q-DZlTtzfkNizuTTE4yVoGuWz_AatZM/edit">https://docs.google.com/document/d/1saSVpT2Ixd58q-DZlTtzfkNizuTTE4yVoGuWz_AatZM/edit</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Quickpost: Using Suricata on Windows<br><a target="_blank" href="https://blog.didierstevens.com/2018/03/27/quickpost-using-suricata-on-windows/">https://blog.didierstevens.com/2018/03/27/quickpost-using-suricata-on-windows/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Who and What Is Coinhive?<br><a target="_blank" href="https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/">https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>ScrapedIn：A tool to scrape LinkedIn without API restrictions for data reconnaiss<br><a target="_blank" href="https://github.com/dchrastil/ScrapedIn">https://github.com/dchrastil/ScrapedIn</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用插件对Chrome进行UXSS<br><a target="_blank" href="https://mp.weixin.qq.com/s/2uYgr1hNbP_lUBYVREM6vg">https://mp.weixin.qq.com/s/2uYgr1hNbP_lUBYVREM6vg</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用恶意页面攻击本地Xdebug<br><a target="_blank" href="https://xlab.tencent.com/cn/2018/03/30/pwn-local-xdebug/">https://xlab.tencent.com/cn/2018/03/30/pwn-local-xdebug/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Amazon&#039;s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go<br><a target="_blank" href="https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/">https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Cowrie Honeypot Analysis<br><a target="_blank" href="https://hackertarget.com/cowrie-honeypot-analysis-24hrs/">https://hackertarget.com/cowrie-honeypot-analysis-24hrs/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Exploring Cobalt Strike&#039;s ExternalC2 framework<br><a target="_blank" href="https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/">https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>CryptoPot：Simple cryptocurrency mining honeypot<br><a target="_blank" href="https://github.com/omergunal/CryptoPot">https://github.com/omergunal/CryptoPot</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Exploiting Browser Extensions &amp; Context Menus<br><a target="_blank" href="https://harleo.me/blog/exploiting-browser-extensions-context-menus">https://harleo.me/blog/exploiting-browser-extensions-context-menus</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Go-deliver is a payload delivery tool coded in Go.<br><a target="_blank" href="https://github.com/0x09AL/go-deliver">https://github.com/0x09AL/go-deliver</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>How BloodHound&#039;s Session Collection Works<br><a target="_blank" href="https://www.youtube.com/watch?v=q86VgM2Tafc">https://www.youtube.com/watch?v=q86VgM2Tafc</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全专题</strong>
    </div><div class="single">APP安全在线检测系统<br><a target="_blank" href="https://www.sec-wiki.com/topic/82">https://www.sec-wiki.com/topic/82</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/213">SecWiki周刊(第213期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
